Details Released for Recently Patched New macOS Archive Utility Vulnerability


Security researchers have shared details about a now-addressed security flaw in Apple’s macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple’s security measures.

The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and “may result in the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive,” Apple device management firm Jamf said in an analysis.


Following responsible disclosure on May 31, 2022, Apple addressed the issue as part of macOS Big Sur 11.6.8 and Monterey 12.5 released on July 20, 2022. The tech giant, for its part, also revised the earlier-issued advisories as of October 4 to add an entry for the flaw.

Apple described the bug as a logic issue that could allow an archive file to get around Gatekeeper checks, which are designed to ensure that only trusted software runs on the operating system.

The security technology achieves this by verifying that the downloaded package is from a legitimate developer and has been notarized by Apple – i.e., given a stamp of approval to ensure it hasn’t been maliciously tampered with.


“Gatekeeper also requests user approval before opening downloaded software for the first time to make sure the user hasn’t been tricked into running executable code they believed to simply be a data file,” Apple notes in its support documentation.

It’s also worth noting that archive files downloaded from the internet are tagged with the “” extended attribute, including the items within the file, so as to trigger a Gatekeeper check prior to execution.

However, in a peculiar quirk discovered by Jamf, the Archive Utility fails to add the quarantine attribute to a folder “when extracting an archive containing two or more files or folders in its root directory.”


Thus, by creating an archive file with the extension “,” it leads to a scenario where an unarchival results in the creation of a folder titled “,” while also lacking the quarantine attribute.

This application “will bypass all Gatekeeper checks allowing an unnotarized and/or unsigned binary to execute,” Jamf researcher Ferdous Saljooki, who discovered the flaw, said. Apple said it resolved the vulnerability with improved checks.
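As an added example (not code from Jamf or Apple), the following check looks for the condition described above: an application bundle folder that carries no quarantine attribute after extraction. It assumes the attribute name `com.apple.quarantine`, the macOS `xattr` command-line tool, and `~/Downloads` as the extraction location; the function names are hypothetical.

```python
import os
import subprocess
from pathlib import Path

QUARANTINE_ATTR = "com.apple.quarantine"  # macOS quarantine extended attribute


def read_quarantine(path):
    """Return the attribute value via the macOS `xattr` CLI, or None if unset."""
    proc = subprocess.run(["xattr", "-p", QUARANTINE_ATTR, str(path)],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def find_unquarantined_apps(root, reader=read_quarantine):
    """Return (bundle, paths_missing_attribute) for each .app under root.

    The bundle folder itself is checked as well as its main executables,
    because the flaw the article describes left the extracted folder untagged.
    """
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            if not name.endswith(".app"):
                continue
            dirnames.remove(name)  # treat the bundle as one unit, do not descend
            bundle = Path(dirpath) / name
            targets = [bundle]
            macos_dir = bundle / "Contents" / "MacOS"
            if macos_dir.is_dir():
                targets += sorted(p for p in macos_dir.iterdir() if p.is_file())
            missing = [str(t) for t in targets if reader(t) is None]
            if missing:
                findings.append((str(bundle), missing))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: extracted downloads live under ~/Downloads.
    for bundle, missing in find_unquarantined_apps(Path.home() / "Downloads"):
        print(f"{bundle}: no {QUARANTINE_ATTR} on {len(missing)} path(s)")
        for path in missing:
            print(f"  {path}")
```

A bundle without the attribute is a triage signal rather than proof of abuse, since locally built software also lacks it.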

The findings come more than six months after Apple addressed another similar flaw in macOS Catalina, Big Sur 11.6.5, and Monterey 12.3 (CVE-2022-22616) that could allow a malicious ZIP archive to bypass Gatekeeper checks.
